Docker: 企业级镜像仓库Harbor的使用
上一节,演示了Harbor的安装部署
这次我们来讲解 Harbor的使用。
我们需要了解到:
1. 如何推镜像到镜像仓库
2. 如何从镜像仓库拉取镜像
3. 如何运行从私有仓库拉取的镜像
# 查看 harbor服务状态,都是up说明 harbor服务状态正常
[root@192 harbor]# docker-compose ps
如果状态不对,使用docker-compose restart重启,或者使用docker-compose up -d 启动容器,并后台运行
浏览器打开 http://192.168.1.30 用户名:admin 密码:Harbor123456(在harbor.cfg配置的默认密码,在部署harbor过程中没有修改过,所以用默认密码登录)
可以通过[新建项目]来创建项目,
访问级别:公开,代表不需要登陆账号就拉取(下载)镜像; 私有,代表必须有登陆账号和账号的项目权限正确才可以拉取(下载)镜像; 不管什么访问级别,推送(上传)镜像到harbor仓库,必须先登陆账号,并且登陆账号的项目权限正确。
新建了一个用户:testuser1,密码:Test12345567;
给用户testuser1添加library项目的权限
docker和harbor之间交互的基本使用:
1、配置http镜像仓库可信任(docker默认是通过https访问harbor的,但是私有仓库是在公司内网的话,没有必要配置https, 所以我们要在daemon.json配置harbor服务器地址被docker认为是可信任的站点;如果docker通过https访问harbor,就不需要进行如下设置)
# vi /etc/docker/daemon.json
{"insecure-registries":["192.168.1.30"]}
格式不能写错,修改该配置后,需要重启docker服务,如果写错,重启docker会有问题。
# systemctl restart docker #重启docker的话,要留意一下,通过docker启动的容器是否正常运行, harbor就启动在docker容器里的,所以需要用docker-compose ps查看harbor服务状态,如果harbor状态不全是Up状态,那么使用 docker-compose up -d 再次启动所有
2、打标签
# docker tag centos:6 192.168.1.30/library/centos:6
3、上传
# docker push 192.168.1.30/library/centos:6
4、下载
# docker pull 192.168.1.30/library/centos:6
#修改docker的配置文件daemon.json(docker通过http访问harbor的话,需要配置harbor的服务器地址为可信任;如果通过https方式访问harbor,这里不需要修改) [root@192 harbor]# vi /etc/docker/daemon.json [root@192 harbor]# cat /etc/docker/daemon.json {"registry-mirrors": ["http://f1361db2.m.daocloud.io"], "insecure-registries":["192.168.1.30"] } #重启docker [root@192 harbor]# systemctl restart docker #重启查看harbor状态,因为harbor也是运行在docker容器里的,容器服务重启,相应的容器也要检查一下状态是否正常 [root@192 harbor]# docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------------------------- harbor-adminserver /harbor/start.sh Exit 137 harbor-db /entrypoint.sh postgres Exit 255 harbor-jobservice /harbor/start.sh Exit 137 harbor-log /bin/sh -c /usr/local/bin/ ... Up (health: starting) 127.0.0.1:1514->10514/tcp harbor-ui /harbor/start.sh Up (health: starting) nginx nginx -g daemon off; Exit 128 redis docker-entrypoint.sh redis ... Exit 128 registry /entrypoint.sh /etc/regist ... Up (health: starting) 5000/tcp #(没有的)创建和有的直接启动容器,-d参数代表在后台运行服务 [root@192 harbor]# docker-compose up -d harbor-log is up-to-date Starting harbor-db ... registry is up-to-date Starting harbor-adminserver ... Starting redis ... harbor-ui is up-to-date Starting harbor-jobservice ... Starting nginx ... #查看harbor服务状态 [root@192 harbor]# docker-compose ps Name Command State Ports ----------------------------------------------------------------------------------------------------------------- harbor-adminserver /harbor/start.sh Up (health: starting) harbor-db /entrypoint.sh postgres Up (health: starting) 5432/tcp harbor-jobservice /harbor/start.sh Up harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp harbor-ui /harbor/start.sh Up (health: starting) nginx nginx -g daemon off; Up (health: starting) 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp redis docker-entrypoint.sh redis ... Up 6379/tcp registry /entrypoint.sh /etc/regist ... Up (healthy) 5000/tcp #列出docker镜像 [root@192 harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE tomcat v1 5f8fe4ca82ba 7 hours ago 427MB php v1 d48e00d7de94 7 hours ago 514MB nginx v1 a5412fe37cac 7 hours ago 361MB nginx latest 881bd08c0b08 9 days ago 109MB mysql 5.7 ee7cbd482336 9 days ago 372MB busybox latest d8233ab899d4 3 weeks ago 1.2MB centos 7 1e1148e4cc2c 3 months ago 202MB centos latest 1e1148e4cc2c 3 months ago 202MB goharbor/chartmuseum-photon v0.7.1-v1.6.1 f0a2dbee1ff1 4 months ago 350MB goharbor/harbor-migrator v1.6.1 60e8be845b35 4 months ago 798MB goharbor/redis-photon v1.6.1 6a67380bb061 4 months ago 210MB goharbor/clair-photon v2.0.6-v1.6.1 c4fcdbae7df2 4 months ago 302MB goharbor/notary-server-photon v0.5.1-v1.6.1 f1afd44d9f9b 4 months ago 209MB goharbor/notary-signer-photon v0.5.1-v1.6.1 83aa51867207 4 months ago 207MB goharbor/registry-photon v2.6.2-v1.6.1 f4cb5e83f0a4 4 months ago 196MB goharbor/nginx-photon v1.6.1 9ca888fe33b2 4 months ago 132MB goharbor/harbor-log v1.6.1 9b1ea3f29465 4 months ago 198MB goharbor/harbor-jobservice v1.6.1 9ca6fd371ca6 4 months ago 192MB goharbor/harbor-ui v1.6.1 305ee5b8952c 4 months ago 215MB goharbor/harbor-adminserver v1.6.1 a3e95f74984e 4 months ago 181MB goharbor/harbor-db v1.6.1 3bea3bff0190 4 months ago 219MB java 8 d23bdf5b1b1b 2 years ago 643MB # 配置 php:v1这个镜像,推送到哪里去,这里推送到私有仓库地址
[root@192 harbor]# docker tag php:v1 192.168.1.30/library/php:v1 # docker登陆镜像仓库,成功 [root@192 harbor]# docker login 192.168.1.30 username:testuser1 password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store # 下次再登陆,不需要重复输入用户名,密码 [root@192 harbor]# docker login 192.168.1.30 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #推送到Harbor镜像仓库 [root@192 harbor]# docker push 192.168.1.30/library/php:v1 The push refers to repository [192.168.1.30/library/php] v1: digest: sha256:dff46139f7bbcaf014ef2f1b9a564b99fdf0fd6cedbce965d01e6ad4091566bb size: 1370 # 将nginx:v1打上推送到镜像仓库的地址标签,并推送 [root@192 harbor]# docker tag nginx:v1 192.168.1.30/library/nginx:v1 [root@192 harbor]# docker push 192.168.1.30/library/nginx:v1 The push refers to repository [192.168.1.30/library/nginx] v1: digest: sha256:4b4183c9fc6af4479c0b9632f13076c4276c83ccdc32784b521225f878963c74 size: 1159 # 将tomcat:v1打上推送到镜像仓库的地址标签,并推送 [root@192 harbor]# docker tag tomcat:v1 192.168.1.30/library/tomcat:v1 [root@192 harbor]# docker push 192.168.1.30/library/tomcat:v1 The push refers to repository [192.168.1.30/library/tomcat] v1: digest: sha256:37a025411fc5250673100c51cc60a48878695c9f1f59c953a6751f21b9db18df size: 952 #从镜像仓库拉取nginx:v1 [root@192 harbor]# docker pull 192.168.1.30/library/nginx:v1 v1: Pulling from library/nginx Digest: sha256:4b4183c9fc6af4479c0b9632f13076c4276c83ccdc32784b521225f878963c74 Status: Image is up to date for 192.168.1.30/library/nginx:v1 [root@192 harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.1.30/library/tomcat v1 5f8fe4ca82ba 7 hours ago 427MB tomcat v1 5f8fe4ca82ba 7 hours ago 427MB 192.168.1.30/library/php v1 d48e00d7de94 8 hours ago 514MB php v1 d48e00d7de94 8 hours ago 514MB 192.168.1.30/library/nginx v1 a5412fe37cac 8 hours ago 361MB nginx v1 a5412fe37cac 8 hours ago 361MB nginx latest 881bd08c0b08 9 days ago 109MB mysql 5.7 ee7cbd482336 9 days ago 372MB busybox latest d8233ab899d4 3 weeks ago 1.2MB centos 7 1e1148e4cc2c 3 months ago 202MB centos latest 1e1148e4cc2c 3 months ago 202MB goharbor/chartmuseum-photon v0.7.1-v1.6.1 f0a2dbee1ff1 4 months ago 350MB goharbor/harbor-migrator v1.6.1 60e8be845b35 4 months ago 798MB goharbor/redis-photon v1.6.1 6a67380bb061 4 months ago 210MB goharbor/clair-photon v2.0.6-v1.6.1 c4fcdbae7df2 4 months ago 302MB goharbor/notary-server-photon v0.5.1-v1.6.1 f1afd44d9f9b 4 months ago 209MB goharbor/notary-signer-photon v0.5.1-v1.6.1 83aa51867207 4 months ago 207MB goharbor/registry-photon v2.6.2-v1.6.1 f4cb5e83f0a4 4 months ago 196MB goharbor/nginx-photon v1.6.1 9ca888fe33b2 4 months ago 132MB goharbor/harbor-log v1.6.1 9b1ea3f29465 4 months ago 198MB goharbor/harbor-jobservice v1.6.1 9ca6fd371ca6 4 months ago 192MB goharbor/harbor-ui v1.6.1 305ee5b8952c 4 months ago 215MB goharbor/harbor-adminserver v1.6.1 a3e95f74984e 4 months ago 181MB goharbor/harbor-db v1.6.1 3bea3bff0190 4 months ago 219MB java 8 d23bdf5b1b1b 2 years ago 643MB
有个规则:给镜像打好标签后,用docker images是看不到镜像的变化的, 只有通过dockor push 把镜像推送到harbor仓库后, docker images才会看到有新增的镜像
验证结果:
下面演示如何从私有镜像仓库Harbor拉取镜像并运行 nginx, php, 假设 Docker: 快速搭建LNMP网站平台 里面创建的容器,删除掉,只保留lnmp_mysql
[root@192 nginx]# docker container rm -f lnmp_nginx lnmp_nginx [root@192 nginx]# docker container rm -f lnmp_php lnmp_php
#运行没什么特别,就是把镜像名和标签换成私有仓库的就可以 [root@192 nginx]# docker run -d --name lnmp_php --net lnmp --mount src=wwwroot,dst=/wwwroot 192.168.1.30/library/php:v1 c3624fb185f93351af97bea35a604155b52b2e4eca600d5be4e4e5be93b1ee7f [root@192 nginx]# docker run -d --name lnmp_nginx --net lnmp -p 88:80 --mount type=bind,src=$(pwd)/nginx.conf,dst=/usr/local/nginx/conf/nginx.conf --mount src=wwwroot,dst=/wwwroot 192.168.1.30/library/nginx:v1 3cc9715ef1f0bb9b4039c3aa58a3508d14f3825e8b275e2a50467b7e037709b6 [root@192 nginx]# docker container ls -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" 11 seconds ago Up 9 seconds 0.0.0.0:88->80/tcp lnmp_nginx [root@192 nginx]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" 22 seconds ago Up 20 seconds 0.0.0.0:88->80/tcp lnmp_nginx c3624fb185f9 192.168.1.30/library/php:v1 "php-fpm" About a minute ago Up About a minute 9000/tcp lnmp_php 9b2acdc4e0d4 192.168.1.30/library/php:v1 "--name lnmp_php" 9 minutes ago Created 9000/tcp gracious_borg 31416cb93251 192.168.1.30/library/php:v1 "-name lnmp_php" 10 minutes ago Created 9000/tcp vigorous_wiles 679f5aa83443 5f8fe4ca82ba "catalina.sh run" 15 hours ago Up 15 hours 0.0.0.0:99->8080/tcp gifted_gates ce152fffc931 goharbor/harbor-jobservice:v1.6.1 "/harbor/start.sh" 29 hours ago Up 28 hours harbor-jobservice d5a971fcf319 goharbor/nginx-photon:v1.6.1 "nginx -g 'daemon of…" 29 hours ago Up 28 hours (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx 197b6f639c4b goharbor/harbor-ui:v1.6.1 "/harbor/start.sh" 29 hours ago Up 28 hours (healthy) harbor-ui 443fd0c18620 goharbor/harbor-db:v1.6.1 "/entrypoint.sh post…" 29 hours ago Up 28 hours (healthy) 5432/tcp harbor-db 4943f885123b goharbor/harbor-adminserver:v1.6.1 "/harbor/start.sh" 29 hours ago Up 28 hours (healthy) harbor-adminserver d29f080f8615 goharbor/redis-photon:v1.6.1 "docker-entrypoint.s…" 29 hours ago Up 28 hours 6379/tcp redis 5130724e6c5b goharbor/registry-photon:v2.6.2-v1.6.1 "/entrypoint.sh /etc…" 29 hours ago Up 28 hours (healthy) 5000/tcp registry 737c956d3c64 goharbor/harbor-log:v1.6.1 "/bin/sh -c /usr/loc…" 29 hours ago Up 28 hours (healthy) 127.0.0.1:1514->10514/tcp harbor-log 845547a65a14 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Up 19 hours 3306/tcp, 33060/tcp lnmp_mysql f4f3056e14b6 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Exited (1) 34 hours ago objective_wozniak [root@192 nginx]# docker container ls -a|grep lnmp 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" 29 seconds ago Up 27 seconds 0.0.0.0:88->80/tcp lnmp_nginx c3624fb185f9 192.168.1.30/library/php:v1 "php-fpm" About a minute ago Up About a minute 9000/tcp lnmp_php 845547a65a14 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Up 19 hours 3306/tcp, 33060/tcp lnmp_mysql [root@192 nginx]# docker container ls -a|grep lnmp 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:88->80/tcp lnmp_nginx c3624fb185f9 192.168.1.30/library/php:v1 "php-fpm" 2 minutes ago Up 2 minutes 9000/tcp lnmp_php 845547a65a14 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Up 19 hours 3306/tcp, 33060/tcp lnmp_mysql
打开浏览器看一下:
到此,测试从私有仓库harbor上拉取镜像,并运行,测试通过。
这里需要注意的是, php,nginx运行是有顺序的,需要先运行 php,在运行nginx.
因为nginx.cnf配置文件里,配置了转发到lnmp_php,找不到这个服务器, nginx服务就会退出 。
作者: 梅梅~
出处: https://www.cnblogs.com/keeptesting
关于作者:专注软件测试,测试运维相关工作,请多多赐教!
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出, 原文链接 欢迎沟通交流加微信联系。 微信:yangguangkg20140901 暗号:博客园.
